How to Rollback a Patch using Configuration Manager

In this post we will see how to roll back a patch using Configuration Manager. Assume that you have deployed a set of updates to your Windows computers and one of the updates is causing issues on all the systems. You have been told to find that update and uninstall it from all systems. Identifying the update may take a lot of troubleshooting. Once you have identified it, you want to uninstall it from multiple systems. I will show you a simple way of uninstalling or removing a patch using SCCM. Let's say you have identified the update and it is KB3004394. Now that you know the KB number, you can use a task sequence to uninstall the patch from multiple systems. Task sequences can do a lot of things: they can deploy an operating system image to a destination computer, build and capture an operating system image from a set of operating system installation files, and capture and restore user state information.

Open the Control Panel on one of the client computers. Click Programs > Programs and Features > Installed Updates. You can see which updates are installed on the system. In this example we will see how to uninstall KB3004394.

Right click the Task sequence and click Deploy. On the General page, click on Browse and choose the collection. Click Next.

For Deployment Settings, choose Available or Required. In this example I have set the deployment setting to Required. Click Next.

Difference between Available and Required in SCCM

Available – If the application is deployed to a user, the user sees the published application in the Application Catalog and can request it on demand. If the application is deployed to a device, the user will see it in the Software Center and can install it on demand. In simple words Available applications mean that users can choose to install the software when they want.

Required – The application is deployed automatically according to the configured schedule. However, a user can track the application deployment status if it is not hidden, and can install the application before the deadline by using the Software Center. Required applications have an installation schedule and automatically install if they are not already installed by a defined deadline.

To schedule the deployment, click on New and choose the Assignment schedule as As soon as possible. Click Next.

On Specify how to run the content for this program page, choose the Deployment options as Download all content locally before starting task sequence. Click Next.

Click Close.

After a few minutes, launch Software Center on the client machine and you will see that the task sequence has done its work. The patch has been uninstalled by the task sequence.

For troubleshooting, check the smsts.log file located on the client machine.
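To confirm the rollback actually took effect, the installed-updates check from the first step can be scripted. The following is an added example, not part of the original post: the function name `Test-HotFixRemoved` and the computer names are hypothetical, and it assumes the built-in `Get-HotFix` cmdlet can reach the clients remotely.

```powershell
# Added example: verify that a KB is no longer installed after the rollback.
# Test-HotFixRemoved and the CLIENT01/CLIENT02 names are hypothetical.
function Test-HotFixRemoved {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^KB\d+$')]
        [string] $KB,

        [string[]] $ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            ComputerName = $computer
            KB           = $KB
            Status       = 'Unknown'
            InstalledOn  = $null
        }
        try {
            # List all hotfixes and filter locally, so a missing KB is an
            # empty result rather than an error.
            $hit = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $KB } |
                Select-Object -First 1

            if ($hit) {
                $result.Status      = 'StillInstalled'
                $result.InstalledOn = $hit.InstalledOn
            } else {
                $result.Status = 'Removed'
            }
        } catch {
            # An unreachable client must not be reported as "Removed".
            $result.Status = "QueryFailed: $($_.Exception.Message)"
        }
        $result
    }
}

# KB number from this post; computer names are constructed placeholders.
$report = Test-HotFixRemoved -KB 'KB3004394' -ComputerName 'CLIENT01', 'CLIENT02'
$report | Format-Table -AutoSize

# Non-zero exit code if any client still has the update or could not be checked.
if ($report | Where-Object Status -ne 'Removed') { exit 1 }
```

A client that cannot be queried is reported as `QueryFailed` rather than `Removed`, so an offline machine does not get counted as successfully rolled back.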

I am Prajwal Desai and I have been working in IT for over 8 years with a strong focus on Microsoft Server Technologies. For the last five years, as a System Administrator I have been working on Lync, SCCM, VMware, VDI, Exchange, Windows Servers etc. I’m currently very interested in everything related to Azure, Configuration Manager, Lync, Windows Server and Exchange.

Yes, you are correct. But I wanted to show that a task sequence can also do this.

Mike Compton

In which case, you should make clear in the opening paragraph, that this is not the best solution, wrapping the command in the task sequence engine is an unnecessary complication and overhead on the client; more to go wrong, more logs to check.

If you create the update as an Application, and enter the command line to remove it, you have the added benefit of being able to scan the system using a PowerShell script to confirm the hotfix has been removed; you can also control the restart better.

The above solution is far from the best available in SCCM 2012, I think.

Alesta

Will it work in Server 2003?

Alesta

Will it work for Server 2003?

8thHenry

Hello,

In the task sequence method can you have more than one KB in the TS? For instance could I have KB123456 and KB654321 in the same TS?